[FIX] web_linkedin: possible problem with loading of images

lp bug: https://launchpad.net/bugs/1116226 fixed bzr revid: nicolas.vanhoren@openerp.com-20130206151105-4xgxm350yje4vhtb
2013-02-06 16:11:05 +01:00 · 2013-02-06 16:11:05 +01:00 · 222802f001
parent 33ae77e803
commit 222802f001
1 changed files with 6 additions and 1 deletions
--- a/addons/web_linkedin/web_linkedin.py
+++ b/addons/web_linkedin/web_linkedin.py
@ -29,7 +29,12 @@ class Binary(openerp.addons.web.http.Controller):
    _cp_path = "/web_linkedin/binary"

    @openerp.addons.web.http.jsonrequest
-    def url2binary(self, req,url):
+    def url2binary(self, req, url):
+        if not url.startswith("http"):
+            raise Exception("Not allowed to load a file using this protocol")
+        if url.count("?") > 0 or url.count("&") > 0 or url.count("=") > 0:
+            raise Exception("Not allowed to use GET parameters")
+        req.session.assert_valid(force=True)
        bfile = urllib2.urlopen(url)
        return base64.b64encode(bfile.read())